<?php
include("inc.config.php");
include("class.parse_server_status.php");
$whoisService = 'https://www.nic.ru/whois/?query=';
$PSS = new parse_server_status($statusurl);
$active = $PSS->getActiveConnections();

//make array with ips only
$ips=array();
for ($i=0;$i<count($active);$i++) {
	$ips[] = $active[$i]['Client'];
}
//look for suspicious ips and write them into array
$suspectFactor = 6; //calls enough for suspect
$trustFactor = 'show_hide'; //substring in a request that makes an ip trustworthy
$suspects = array();
$countIps = array_count_values($ips);
foreach ($countIps as $ip=>$calls) {
	if ($calls >= $suspectFactor)  $suspects[] = $ip;
}
//make array with suspects and their requests
$suspectRequests = array();
foreach ($active as $no=>$data) {
	if (in_array($data['Client'],$suspects)) {
		$suspectRequests[$data['Client']][] = $data['VHost'].' '.$data['Request'];
	}
}
//make output with links if $suspectRequests array is not empty
if (count($suspectRequests)>0) {
	foreach ($suspectRequests as $ip=>$requests) {
		if (!substr_in_array($trustFactor, $requests)) {
			$output .= '<li><a href="'.$whoisService.$ip.'">'.$ip.'</a> (запросов: '.count($requests).')<ul>';
			foreach ($requests as $key=>$request) {
				$output .= '<li>'.$request.'</li>';
			}
			$output .= '</ul></li>';
			mail('mkorinets@gmail.com,6495359@gmail.com','Подозрительные IP-адреса',$output,"From: susIPicious@infinitiv.ru\r\nContent-Type: text/html\r\n");
		}
	}
}
	echo 'done';
function substr_in_array($needle, $haystack)
{
    /*** cast to array ***/
    $needle = (array) $needle;

    /*** map with preg_quote ***/
    $needle = array_map('preg_quote', $needle);

    /*** loop of the array to get the search pattern ***/
    foreach ($needle as $pattern)
    {
        if (count(preg_grep("/$pattern/", $haystack)) > 0)
        return true;
    }
    /*** if it is not found ***/
    return false;
}
?>